More regulations make Web sites less trustworthy, study shows

Placing strict controls and regulations on website operators does not make the Internet more secure and private for users, a new study shows. In fact, stringent policies seem to make the matter worse, says Dr. Karim Jamal, a professor in the University of Alberta School of Business.

At issue is the practice of requiring web surfers to submit personal information in order to conduct online transactions. Web proprietors can then track the users' online activities and tailor marketing strategies that target the people who come to their sites. Sometimes they'll even sell the information to third parties, who stuff unsuspecting surfers' e-mail boxes with unwanted marketing messages.

"Let's put it this way," Jamal said. "We've found that there are some reputable and highly used sites that you will come to regret ever registering for or doing business on."

Jamal's research involved an analysis of the top 100 business websites in the United States before the recently passed laws to regulate the tracking and selling of information had taken effect. Working with a colleague, Dr. Norman Bowie of the University of Minnesota, Jamal then compared the U.S. results with the results of an analysis of the top business sites in the U.K., where a large government bureaucracy regulates and monitors the actions of online operators.

Using specialized "web-crawler" software, they were able to navigate through the sites and learn whether or not the site operators were tracking their activities. Then, over a period of six months, the researchers monitored how each of the companies used information related to their online activities. Finally, the researchers checked each site for disclosure information and cross-referenced what they found--or didn't find--with the results of their software analysis.

"We found that the unregulated websites in the U.S. function just as securely and privately as the regulated sites in the U.K. Most of the web operators in the U.S. and the U.K. were open and honest and did a good job of protecting user information," Jamal said.

"However, we also found that a small percentage of operators in both countries were cheaters, and the worst of the worst of the sites operated in the U.K," added Jamal, who co-authored a paper on this topic that was recently published in the journal Business Ethics Quarterly.

The researchers also found that U.K. operators weren't as forthcoming as their U.S. counterparts in disclosing how their sites operated and what they were doing with the information they were gathering.

"You could tell the guys who were operating in the regulated market only disclosed what they were told they had to by law. Even then, what they wrote was mostly unreadable legalese," Jamal said.

"In the regulated system, the people who cheat will cheat big. They won't sell your information to a few people, they'll sell it to thousands of people," he said. "I guess they figure if they're going to cheat they might as well make it worth their while."

Jamal added that the highly regulated U.K. system, which is similar to the system used throughout Europe, costs taxpayers a lot of money, even though it isn't particularly effective.

Based on this evidence, Jamal believes the best system to protect web users is a self-regulated one, such as the one in the U.S., where operators rely on word of mouth and seals of approval from organizations such as the Better Business Bureau to promote their clean practices. Witholding or adapting regulations as techonological advances "play out" is also a good idea, he said.

An expert in accounting and auditing ethics, Jamal initiated the online privacy study because the web, being relatively new, provides good testing grounds to measure the effect of regulatory policies. Trying to accomplish the same feat in the older, convoluted world of accounting is extremely difficult, he said.

His ultimate goal is to provide insights to help policy-makers improve accounting systems so that disasters such as the Enron and WorldCom collapses become less likely.

"I think people who deal in accounting are a lot like the operators on the web. Most are honest, some are cheaters and you have to develop a system that evolves gradually to make it harder for the cheaters to operate. What you don't want is for the system to be hi-jacked to only focus on the cheaters," Jamal said.

"Our research is showing us that relying on strict regulations and harsh, punitive laws only costs more to implement, creates complexity and confusion and leads to more extreme cases of cheating," he added.

Disclaimer: AAAS and EurekAlert! are not responsible for the accuracy of news releases posted to EurekAlert! by contributing institutions or for the use of any information through the EurekAlert system.